Enhanced Architecture for Misconfiguration and Intrusion Detection Using Centralized Rule Based System

Executive Summary

Web servers and web-based applications are popular attack targets. Web servers are usually accessible through corporate firewalls. The number of reported web application vulnerabilities is increasing dramatically. Thus the task of securing web applications is one of the most urgent. On the other hand, traditional protection mechanisms like firewalls were not designed to protect web applications and thus do not provide adequate defense. Current attacks cannot be thwarted by just blocking ports 80 (HTTP) and 443 (HTTPS). Previously known intrusion detection systems are inefficient: they raise more false-positive alarms and have higher time and space complexity. In this paper, a new IDS architecture is introduced which detects misconfiguration and intrusion simultaneously.